def gen_sym_key(ekid, new_kid=None, iv=None, k=None):
out = {'kid': ekid, 'cty': 'b5+jwk+json'}
if new_kid != None:
kid = new_kid
else:
kid = gen_uuid()
if k != None:
new_key = k
else:
new_key = get_random_bytes(32)
key_dat = {
'alg': 'A256GCM',
'ext': True,
'key_ops': ['decrypt', 'encrypt'],
'kty': 'oct',
'kid': kid
}
key_dat['k'] = optestlib.opb64e(new_key)
key_dat_str = json.dumps(key_dat)
optestlib.p_str("New symmetric key", json.dumps(key_dat, indent=4))
sym_keys[kid] = new_key
if ekid == 'mp':
# sym_keys['mk'] = new_key
optestlib.p_debug('\n*** Encrypting sym key with AES kid %s' % ekid)
iv, ct = optestlib.enc_aes_gcm(key_dat_str, sym_keys[ekid], iv=iv)
optestlib.p_data('IV', iv, dump=False)
optestlib.p_data('KEY', sym_keys[ekid], dump=False)
optestlib.p_data('Ciphertext', ct, dump=False)
out['iv'] = optestlib.opb64e(iv)
out['data'] = optestlib.opb64e(ct)
out['enc'] = 'A256GCM'
else: # only the primary sym_key is itself AES encrypted, rest by RSA
optestlib.p_debug('\n*** Encrypting sym key with RSA kid %s\n' % ekid)
jwkj = '{"keys": [%s]}' % json.dumps(pub_keys[ekid])
jwk = load_jwks(jwkj)[0]
optestlib.p_str('Public key e:', jwk.e)
optestlib.p_str('Public key n:', jwk.n)
RSA_Key = RSA.construct((jwk.n, jwk.e))
C = PKCS1_OAEP.new(RSA_Key)
ct = C.encrypt(key_dat_str)
out['enc'] = 'RSA-OAEP'
out['data'] = optestlib.opb64e(ct)
optestlib.p_debug('')
optestlib.p_data('RSA-OAEP ciphertext', ct, dump=False)
return kid, out
def gen_emk():
global sym_keys
optestlib.p_debug('\n** Generating Encrypted Master Key (EMK) block')
win_mk = read_default('win_mk') or get_random_bytes(32)
sym_keys['win-mk'] = win_mk
win_mk_hmac = read_default('win_mk_hmac') or get_random_bytes(32)
sym_keys['win-mk-hmac'] = win_mk_hmac
optestlib.p_data('New MK', win_mk)
optestlib.p_data('New MK HMAC Key', win_mk_hmac)
emk_salt = read_default('emk_salt') or get_random_bytes(emk_slen)
raw_derived_key = hashlib.pbkdf2_hmac('sha512', MasterPassword, emk_salt,
emk_iter, 64)
enc_key = raw_derived_key[0:32]
enc_hmac_key = raw_derived_key[32:64]
optestlib.p_data('MP-derived key', enc_key)
optestlib.p_data('MP-derived HMAC key', enc_hmac_key)
iv = read_default('win_emk_iv')
padding = read_default('win_emk_padding')
op_msg = optestlib.encrypt_opdata(win_mk + win_mk_hmac,
enc_key,
enc_hmac_key,
iv=iv,
padding=padding)
emk = struct.pack('<I', emk_iter) # iterations
emk += struct.pack('<I', emk_slen) # salt length
emk += emk_salt
emk += struct.pack('<I', len(op_msg))
emk += op_msg
optestlib.p_data('Final EMK block', emk)
return optestlib.opb64e(emk)
def gen_rsa_key(ekid, pub=None, priv=None):
if priv == None:
new_priv = RSA.generate(2048)
jwk_priv = RSAKey(key=new_priv).to_dict()
iv = None
else:
iv = optestlib.opb64d(priv['iv'])
jwk_priv = priv['key']
if pub == None:
new_pub = new_priv.publickey()
jwk_pub = RSAKey(key=new_pub).to_dict()
else:
jwk_pub = pub
jwk_priv['alg'] = 'RSA-OAEP'
jwk_priv['key_ops'] = ['decrypt']
jwk_priv['kid'] = ekid
jwk_pub['key_ops'] = ['encrypt']
jwk_pub['alg'] = 'RSA-OAEP'
jwk_pub['ext'] = True
jwk_pub['kid'] = ekid
optestlib.p_str("New Private key", json.dumps(jwk_priv, indent=4))
pri_keys[ekid] = jwk_priv
pub_keys[ekid] = jwk_pub
key_dat_str = json.dumps(jwk_priv)
optestlib.p_debug('\n*** Encrypting pri key with AES kid %s' % ekid)
iv, ct = optestlib.enc_aes_gcm(key_dat_str, sym_keys[ekid], iv=iv)
optestlib.p_data('IV', iv, dump=False)
optestlib.p_data('KEY', sym_keys[ekid], dump=False)
optestlib.p_data('Ciphertext', ct, dump=False)
priv_out = {
'kid': ekid,
'cty': 'b5+jwk+json',
'enc': 'A256GCM',
'data': optestlib.opb64e(ct),
'iv': optestlib.opb64e(iv)
}
optestlib.p_str("New Public key", json.dumps(jwk_pub, indent=4))
return jwk_pub, priv_out
def gen_old_vault_data():
out = {}
m_key = sym_keys['opv-mk']
m_hmac = sym_keys['opv-mk-hmac']
o_key = sym_keys['opv-ok']
o_hmac = sym_keys['opv-ok-hmac']
o_data = '{"title":"Vault entry for local private vaults","url":"www.example.com","ainfo":"-","ps":75}'
o_data_enc = optestlib.encrypt_opdata(o_data, o_key, o_hmac)
out['overview_data'] = optestlib.opb64e(o_data_enc)
ik_iv = read_default('priv_vault_data.ik_iv') or get_random_bytes(16)
ik_key = read_default('priv_vault_data.ik_key') or get_random_bytes(32)
ik_hmac = read_default('priv_vault_data.ik_hmac') or get_random_bytes(32)
ik_padding = read_default('priv_vault_data.ik_padding')
optestlib.p_data('Item key IV', ik_iv)
optestlib.p_data('Item key', ik_key)
optestlib.p_data('Item HMAC key', ik_hmac)
item_key_data = optestlib.encrypt_tag_cbc(ik_key + ik_hmac, ik_iv, m_key,
m_hmac)
check = optestlib.decrypt_verify_cbc(item_key_data, m_key, m_hmac)
out['key_data'] = optestlib.opb64e(item_key_data)
item_data = '{"fields": [ { "id": "OldPassword;opid=__2", "name": "OldPassword", "type": "P", "value": "notagoodpassword" }, { "designation": "password", "id": "NewPassword;opid=__3", "name": "NewPassword", "type": "P", "value": "OldSk00lRulzFTW!" } ] }'
item_data_enc = optestlib.encrypt_opdata(item_data,
ik_key,
ik_hmac,
iv=ik_iv,
padding=ik_padding)
out['data'] = optestlib.opb64e(item_data_enc)
return out
iterations = int(iterations)
salt = optestlib.get_binary(" Enter the salt (hex or base64 encoded): ")
enc_master_key_data = optestlib.get_binary(
" Enter master_key_data (hex or base64): ")
enc_overview_key_data = optestlib.get_binary(
" Enter overview_key_data (hex or base64): ")
mk, mk_hmac, ok, ok_hmac = optestlib.get_local_vault_keys(
password, salt, enc_master_key_data, enc_overview_key_data)
print "\n* Derived/Decrypted/Derived Vault Keys"
optestlib.p_data('Master Key', mk, dump=False)
optestlib.p_data('Master HMAC Key', mk_hmac, dump=False)
optestlib.p_data('Overview Key', ok, dump=False)
optestlib.p_data('Overview HMAC Key', ok_hmac, dump=False)
print "\n(Base-64 versions for convenience:"
optestlib.p_str('Master key', optestlib.opb64e(mk))
optestlib.p_str('Master HMAC key', optestlib.opb64e(mk_hmac))
optestlib.p_str('Overview key', optestlib.opb64e(ok))
optestlib.p_str('Overview HMAC key', optestlib.opb64e(ok_hmac))
enc_login_data = optestlib.get_binary(
"\nEnter encrypted login data (from accounts table) (hex / base64): ")
PT = optestlib.decrypt_opdata(enc_login_data, mk, mk_hmac)
m_hmac = optestlib.get_binary(
"Enter master HMAC key (base-64 or hex encoded): ")
o_key = optestlib.get_binary(
"Enter overview encryption key (base-64 or hex encoded): ")
o_hmac = optestlib.get_binary(
"Enter master HMAC key (base-64 or hex encoded): ")
o_data = optestlib.get_binary('Enter overview data (base-64 or hex): ')
i_key_data_enc = optestlib.get_binary('Enter item key data (base-64 or hex): ')
i_data = optestlib.get_binary('Enter item detail data (base-64 or hex): ')
print "\n* Decrypting item overview\n"
o_pt = optestlib.decrypt_opdata(o_data, o_key, o_hmac)
optestlib.p_str('Item Overview', o_pt)
print "\n* Decrypting item keys\n"
i_key_data = optestlib.decrypt_verify_cbc(i_key_data_enc, m_key, m_hmac)
i_key = i_key_data[0:32]
i_hmac = i_key_data[32:]
optestlib.p_data('Item Key', i_key)
optestlib.p_data('Item HMAC', i_hmac)
print "\n* Decrypting item details\n"
i_pt = optestlib.decrypt_opdata(i_data, i_key, i_hmac)
optestlib.p_str('Item Details', o_pt)
#
# David Schuetz
# November 2018
#
# https://github.com/dschuetz/1password
#
# Given EMK blob from Windows "1Password10.sqlite" database,
# and user's primary account Master Password,
# decrypts EMK blob to produce master encryption and HMAC keys
#
import optestlib
bin_emk = optestlib.get_binary(
'Enter EMK data (from config table) in base-64 or hex: ')
password = raw_input("\nEnter the master password: ")
PT = optestlib.decrypt_emk(bin_emk, password)
enc_key = PT[0:32]
hmac_key = PT[32:]
optestlib.p_data('Master Enc Key', enc_key)
optestlib.p_str('(base-64)', optestlib.opb64e(enc_key))
optestlib.p_data('Master HMAC Key', hmac_key)
optestlib.p_str('(base-64)', optestlib.opb64e(hmac_key))
optestlib.p_str('Enc+HMAC together', optestlib.opb64e(enc_key + hmac_key))